Strange behavior of the laptop and file manager... please check
Posted: 02 Apr 2021 04:32
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021
Ran by uživatel (administrator) on LENOVO (LENOVO 80MR) (02-04-2021 05:16:56)
Running from D:\NEJPLOŠŠŠŠÍ Z POLOCH
Loaded Profiles: uživatel
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IP Izmaylov Artem Andreevich -> AIMP DevTeam) D:\programy\AIMP\AIMP.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Universal Control.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\iSkysoft\UniConverter(IS)\WSVCUUpdateHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [SpyEmergency] => D:\programy\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [18298368 2020-02-20] (PreSonus) [File not signed]
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\MountPoints2: {62a1e345-826d-11ea-8291-68f728befd68} - "E:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-08-21]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {26E97C34-464A-42C9-89C6-6BB969605A2C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {3A06E549-FDCC-44F3-80FC-47E998E39731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {9EA9555C-2284-46BE-9D59-8898C0EB43B0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {E95CD146-EC55-4FD1-892C-8A818D433A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A679C5A-4F02-4B9C-9825-D3F85B953F9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B5C6359A-28A2-41F8-95A7-84FA94DE1577}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{F403AA2A-6AE1-4351-8DBF-46E7A487AD7D}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.10 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default [2021-04-02]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://www.xvideos.com
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Ochrana Kaspersky) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-11]
CHR Extension: (Disk Google) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-30]
CHR Extension: (Adblocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomjepbbibnhjbekbabbpgbkknienden [2019-04-18]
CHR Extension: (Click&Clean) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-03-26]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-03-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-26]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-2330612324-4196637853-554147409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-15] (Adobe Inc. -> Adobe)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; D:\programy\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2021-03-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [432640 2020-02-20] (PreSonus) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 SpyEmrgHealth; D:\programy\Spy Emergency\SpyEmergencyHealth.exe [X]
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\UniConverter(IS)\Transfer\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4267008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [275664 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 PaeStudioUsb; C:\Windows\System32\drivers\PaeStudioUsb.sys [374000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsbks; C:\Windows\system32\DRIVERS\PaeStudioUsbks.sys [54000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsb_loopback; C:\Windows\System32\drivers\PaeStudioUsb_loopback.sys [42736 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen -> Tobias Erichsen)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-02 05:16 - 2021-04-02 05:17 - 000000000 ___DC C:\FRST
2021-03-26 10:00 - 2021-03-26 10:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-03-26 09:50 - 2021-03-26 09:50 - 000000000 ___HC C:\Users\uživatel\Documents\Default.rdp
2021-03-12 10:08 - 2021-03-12 10:08 - 000000000 ___DC C:\ProgramData\Realtek
2021-03-11 22:17 - 2021-03-11 22:17 - 000275664 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000230976 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000190952 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000101112 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000086656 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-03-11 22:15 - 2021-02-19 22:09 - 000110176 ____C (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-03-11 22:15 - 2021-02-19 22:08 - 001042712 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-03-11 22:15 - 2021-02-19 22:08 - 000514840 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-03-11 21:56 - 2021-03-11 21:56 - 000000000 ___DC C:\Users\uživatel\AppData\Local\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:32 - 000000000 ___DC C:\ProgramData\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:16 - 000003032 ____C C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files\Common Files\AV
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files (x86)\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 21:54 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-03-07 00:16 - 2021-03-07 00:16 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Portforward.com
2021-03-06 13:23 - 2021-03-06 13:23 - 002549521 ____C C:\Users\uživatel\Documents\Návod-na-používání-a-interpretace-výsledků-antigenního-testu-pro-detekci-viru-SARS-CoV-2-covid-19-ve-výtěru-z-nosohlatnu.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-02 02:15 - 2019-04-16 12:18 - 000003974 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}
2021-04-02 02:13 - 2019-04-18 05:31 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\AIMP
2021-04-02 01:52 - 2019-04-18 07:32 - 000000000 __HDC C:\Users\uživatel\OneDrive
2021-04-02 01:09 - 2014-11-21 06:53 - 001661194 ____C C:\Windows\system32\PerfStringBackup.INI
2021-04-02 01:09 - 2014-11-21 06:10 - 000706404 ____C C:\Windows\system32\perfh005.dat
2021-04-02 01:09 - 2014-11-21 06:10 - 000144168 ____C C:\Windows\system32\perfc005.dat
2021-04-02 01:09 - 2013-08-22 15:36 - 000000000 ___DC C:\Windows\Inf
2021-04-02 01:03 - 2019-04-16 12:33 - 000000000 _SHDC C:\Users\uživatel\IntelGraphicsProfiles
2021-04-02 01:03 - 2019-04-16 12:23 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-02 01:03 - 2013-08-22 16:45 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2021-04-02 01:03 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-03-30 23:12 - 2019-12-06 06:56 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2330612324-4196637853-554147409-1001
2021-03-30 22:45 - 2019-04-16 12:21 - 000002244 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-29 11:33 - 2019-04-17 22:40 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\vlc
2021-03-27 06:28 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2021-03-26 09:50 - 2021-01-25 22:49 - 000002180 ____C C:\Windows\diagerr.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000001908 ____C C:\Windows\diagwrn.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000000000 ___DC C:\Users\uživatel\AppData\Local\MigWiz
2021-03-26 08:46 - 2019-04-23 18:51 - 000000000 ___DC C:\Users\uživatel\AppData\Local\ElevatedDiagnostics
2021-03-18 22:55 - 2019-08-21 21:09 - 000000000 ___DC C:\Users\uživatel\AppData\Local\CrashDumps
2021-03-16 13:04 - 2019-04-12 16:22 - 000000000 ___DC C:\Users\uživatel
2021-03-11 22:15 - 2013-08-22 17:36 - 000000000 __HDC C:\Windows\ELAMBKUP
2021-03-11 22:10 - 2019-12-18 04:20 - 000003386 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-11 22:10 - 2019-12-18 04:20 - 000003258 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-11 22:10 - 2019-04-16 12:19 - 000000000 ___DC C:\ProgramData\AVAST Software
2021-03-11 21:47 - 2019-04-16 12:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-03-11 20:51 - 2020-01-15 04:47 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Celemony Software GmbH
2021-03-11 15:14 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\AppReadiness
2021-03-06 20:18 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\system32\NDF
2021-03-06 18:28 - 2019-11-16 10:55 - 000000000 ___DC C:\Temp
==================== Files in the root of some directories ========
2020-12-21 12:47 - 2020-12-21 12:47 - 000000040 ____C () C:\Users\uživatel\AppData\Roaming\cdr.ini
2019-05-25 04:23 - 2021-01-25 23:48 - 000007597 ____C () C:\Users\uživatel\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-04-01 00:22
==================== End of FRST.txt ========================
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; D:\programy\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2021-03-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [432640 2020-02-20] (PreSonus) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 SpyEmrgHealth; D:\programy\Spy Emergency\SpyEmergencyHealth.exe [X]
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\UniConverter(IS)\Transfer\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4267008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [275664 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 PaeStudioUsb; C:\Windows\System32\drivers\PaeStudioUsb.sys [374000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsbks; C:\Windows\system32\DRIVERS\PaeStudioUsbks.sys [54000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsb_loopback; C:\Windows\System32\drivers\PaeStudioUsb_loopback.sys [42736 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen -> Tobias Erichsen)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-02 05:16 - 2021-04-02 05:17 - 000000000 ___DC C:\FRST
2021-03-26 10:00 - 2021-03-26 10:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-03-26 09:50 - 2021-03-26 09:50 - 000000000 ___HC C:\Users\uživatel\Documents\Default.rdp
2021-03-12 10:08 - 2021-03-12 10:08 - 000000000 ___DC C:\ProgramData\Realtek
2021-03-11 22:17 - 2021-03-11 22:17 - 000275664 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000230976 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000190952 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000101112 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000086656 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-03-11 22:15 - 2021-02-19 22:09 - 000110176 ____C (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-03-11 22:15 - 2021-02-19 22:08 - 001042712 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-03-11 22:15 - 2021-02-19 22:08 - 000514840 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-03-11 21:56 - 2021-03-11 21:56 - 000000000 ___DC C:\Users\uživatel\AppData\Local\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:32 - 000000000 ___DC C:\ProgramData\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:16 - 000003032 ____C C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files\Common Files\AV
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files (x86)\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 21:54 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-03-07 00:16 - 2021-03-07 00:16 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Portforward.com
2021-03-06 13:23 - 2021-03-06 13:23 - 002549521 ____C C:\Users\uživatel\Documents\Návod-na-používání-a-interpretace-výsledků-antigenního-testu-pro-detekci-viru-SARS-CoV-2-covid-19-ve-výtěru-z-nosohlatnu.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-02 02:15 - 2019-04-16 12:18 - 000003974 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}
2021-04-02 02:13 - 2019-04-18 05:31 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\AIMP
2021-04-02 01:52 - 2019-04-18 07:32 - 000000000 __HDC C:\Users\uživatel\OneDrive
2021-04-02 01:09 - 2014-11-21 06:53 - 001661194 ____C C:\Windows\system32\PerfStringBackup.INI
2021-04-02 01:09 - 2014-11-21 06:10 - 000706404 ____C C:\Windows\system32\perfh005.dat
2021-04-02 01:09 - 2014-11-21 06:10 - 000144168 ____C C:\Windows\system32\perfc005.dat
2021-04-02 01:09 - 2013-08-22 15:36 - 000000000 ___DC C:\Windows\Inf
2021-04-02 01:03 - 2019-04-16 12:33 - 000000000 _SHDC C:\Users\uživatel\IntelGraphicsProfiles
2021-04-02 01:03 - 2019-04-16 12:23 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-02 01:03 - 2013-08-22 16:45 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2021-04-02 01:03 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-03-30 23:12 - 2019-12-06 06:56 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2330612324-4196637853-554147409-1001
2021-03-30 22:45 - 2019-04-16 12:21 - 000002244 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-29 11:33 - 2019-04-17 22:40 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\vlc
2021-03-27 06:28 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2021-03-26 09:50 - 2021-01-25 22:49 - 000002180 ____C C:\Windows\diagerr.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000001908 ____C C:\Windows\diagwrn.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000000000 ___DC C:\Users\uživatel\AppData\Local\MigWiz
2021-03-26 08:46 - 2019-04-23 18:51 - 000000000 ___DC C:\Users\uživatel\AppData\Local\ElevatedDiagnostics
2021-03-18 22:55 - 2019-08-21 21:09 - 000000000 ___DC C:\Users\uživatel\AppData\Local\CrashDumps
2021-03-16 13:04 - 2019-04-12 16:22 - 000000000 ___DC C:\Users\uživatel
2021-03-11 22:15 - 2013-08-22 17:36 - 000000000 __HDC C:\Windows\ELAMBKUP
2021-03-11 22:10 - 2019-12-18 04:20 - 000003386 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-11 22:10 - 2019-12-18 04:20 - 000003258 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-11 22:10 - 2019-04-16 12:19 - 000000000 ___DC C:\ProgramData\AVAST Software
2021-03-11 21:47 - 2019-04-16 12:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-03-11 20:51 - 2020-01-15 04:47 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Celemony Software GmbH
2021-03-11 15:14 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\AppReadiness
2021-03-06 20:18 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\system32\NDF
2021-03-06 18:28 - 2019-11-16 10:55 - 000000000 ___DC C:\Temp
==================== Files in the root of some directories ========
2020-12-21 12:47 - 2020-12-21 12:47 - 000000040 ____C () C:\Users\uživatel\AppData\Roaming\cdr.ini
2019-05-25 04:23 - 2021-01-25 23:48 - 000007597 ____C () C:\Users\uživatel\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-04-01 00:22
==================== End of FRST.txt ========================